1. Field of the Invention
The present invention generally relates to data security systems and, in particular, to a system and method for preventing unauthorized access of a database that can be accessed remotely by authorized users.
2. Related Art
Current database systems store a variety of information, and it is often desirable to keep the information stored within many database systems private. Therefore, in many applications, it is important to allow only authorized users to access the information stored within a database system. Furthermore, it is often desirable for authorized users to access the information within the database system from remote locations. However, allowing access to database systems from remote locations presents certain security concerns. For example, it usually becomes easier for unauthorized users, sometimes referred to as xe2x80x9chackers,xe2x80x9d to access information within the database system when remote access of the database system is allowed for authorized users.
In this regard, if access to the database system is only provided through devices at the premises of the database system (i.e., remote access is not allowed), then access to the premises and, hence, the database system can be effectively limited to authorized users of the database system. However, if access to the database system from remote locations is allowed, then it becomes easier for unauthorized users to gain access to the database system.
For example, in many prior art systems, a server at the premises of the database system is utilized to enable remote access to the database system. To retrieve data from the database system remotely, an authorized user establishes communication with the server, and the server verifies that the user is an authorized user. For example, the server typically requires the user to enter a valid password before allowing the user to connect to the database system. If the user enters a valid password, then the server allows the user""s computer (the client) to connect to the database system. The client then queries the database system through Structured Query Language (SQL) queries (or other types of queries) in order to retrieve the desired data from databases within the database system.
Many times, the user is only authorized to access certain data within the database system. Therefore, the database system typically includes security features that restrict the user""s access to certain data within the database system based on the user""s password, which identifies the user. If the user submits an acceptable query (i.e., a query for information that is within the user""s authorized data), then the database system retrieves the requested data and returns it to the client computer via the server. Remote access to at least a portion of the database system is thereby enabled.
Since remote access to the server is necessary to allow the database system to be accessed at remote locations by authorized users, hackers typically are capable of establishing communication with the server associated with the database system. Once communication with the server is established, hackers often are prevented from connecting with the database system primarily through the security measures in place at the server that verify a user as being an authorized user. However, the security measures at the server are not always adequate.
For example, a hacker might discover a valid password through a variety of hacking methods. One such method could include the interception of data communications between the server and an authorized user to discover a valid password. Even if the communications between the server and the authorized user are encrypted, current encryption techniques can sometimes be broken and deciphered by hackers. Therefore, a hacker can use the password to gain connectivity with the database system. Once connected to the database system, the hacker can then access any information within the database accessible to the password. Furthermore, the hacker can attempt to defeat the security measures in place at the database system to gain access to other information in the database system as well.
Accordingly, providing remote access to database systems allows hackers, through a variety of methods, certain opportunities to access the data within the database system. As a result, many database systems containing sensitive or important information are either restricted from remote access entirely or allow remote access with the risk that a potential hacker can break into the database system and retrieve or manipulate the data therein.
Thus, a heretofore unaddressed need exists in the industry for providing a more secure system and method of allowing remote access to a database system.
The present invention overcomes the inadequacies and deficiencies of the prior art as discussed herein. In general, the present invention provides a system and method for securely accessing a database from a remote location.
The present invention utilizes a client computer (client), a server computer (server), and a database system. The client establishes communication with the server and transmits a user password to the server. The server receives the user password and translates the user password into an alias or different password. When the client submits a request for data contained in the database system, the server accesses the database system using the alias password. The database system allows the server to access information within the database system based on the alias password. Since the database system recognizes the alias password instead of the user password, only attempts to access the database via the server (after passing the security measures in place at the server) should be successful.
In accordance with another feature of the present invention, the server maintains a password table. The password table includes a plurality of entries. Each entry correlates a respective user password with a respective alias password. The server accesses the entry in the password table corresponding with the user password and retrieves the alias password from the entry.
In accordance with another feature of the present invention, the server transmits the user password to a remote server. The remote server translates the user password into a second alias or different password. The remote server then accesses a remote database system associated with the remote server via the second alias password.
The present invention has many advantages, a few of which are delineated hereafter, as mere examples.
An advantage of the present invention is that a database system can be remotely accessed.
Another advantage of the present invention is that unauthorized access of a remotely accessible database system can be prevented.
Another advantage of the present invention is that a database system can be remotely accessible without allowing unauthorized users to connect with the database system.
Another advantage of the present invention is that information within a plurality of databases located remotely from each other can be accessed in a secured environment.
Another advantage of the present invention is that an unauthorized user having a valid password can be identified as an unauthorized user by the database system.
Another advantage of the present invention is that a remotely accessible database system can be secured even if encrypted messages between the client and server are intercepted and deciphered during a data session between the client and server.
Other features and advantages of the present invention will become apparent to one skilled in the art upon examination of the following detailed description, when read in conjunction with the accompanying drawings. It is intended that all such features and advantages be included herein within the scope of the present invention, as is defined by the claims.